
Cybersecurity Tips and Strategies

Outsmart the scammers with these risk management tools and techniques.


The requests, alerts and invitations arrive by text, email, messaging and phone call. They appear on websites and social media pages, such as Facebook and LinkedIn. The request may appear to come from a person where you work, asking you to please send a gift card. Or perhaps a text arrives asking you to confirm an expense on Amazon—followed by email reminders asking you to sign an attached document. Have you clicked on a message like that? If one of your accounts has been hacked or your identity used fraudulently, you are not alone. In a survey from the National Cybersecurity Alliance and CybSafe, among respondents willing to admit to being a victim of cybercrime, 24% reported identity theft and 36% reported phishing that led to a loss of money or data (Nurse et al. 2022). Turns out cybercriminals have a lot of tricks.

Human Behavior Is the Biggest Cybersecurity Risk

Most often, people let their attacker in. Human actions account for 82% of all data breaches, whether by responding to a phishing email, by making an error, or because an attacker stole credentials such as a username and password (Verizon 2022).

Why do we humans fall for phishing scams? We’re busy and move fast without thinking. We fall for a good story or accept a plea to act urgently. People tend to assume that others are honest or that a deal is too good to resist. It’s natural to want to help a friend or colleague or to be worried about an unauthorized charge on your bank account (Lameiras 2022; Freundlich 2021).

The first line of defense against cyberattacks is to stop and think. “Cybercriminals use persuasive influencing techniques, and the [email or text] messages are often framed in terms of authority/urgency, loss/fines, gain/winning, sympathy/liking, as well as reciprocating a favor,” explains psychologist Inka Karppinen, PhD. “Phishing emails are specifically designed to evoke emotional responses . . . to entice us to take unsafe action without really thinking.”

Before answering any messages, Karppinen advises you to consider three questions:

  1. What are you being asked to do (e.g., provide sensitive information, click on a link, call someone, open up an attachment) and why?
  2. Did the message you received elicit an emotional response (good or bad)?
  3. Be suspicious and ask yourself: What is someone trying to steal from me?

“Think before you act” is a good motto to follow.


Warning Signs of a Cyberattack

According to a 2020 report from Verizon, 71% of data breaches are financially motivated. A data breach is any unauthorized access to a system with the intent to steal confidential information.

Many such breaches result from phishing expeditions (AmTrust Financial 2022; Sjouwerman 2022). Here’s what to be on the alert for on the phone and in emails, texts and other messages:

Messages About Money

  • A request for a gift card, wire transfer or donation may seem to come from a friend or family member or from an authority figure, such as your employer or a representative from a club or association you belong to.
  • A request for your bank account or online login information may be made under the premise that money needs to be transferred to your account.
  • You may be asked to confirm an expense on an account or confirm account numbers.
  • The message may say your account is about to be closed or that there are problems with taxes or Social Security payments.

Urgent Requests or Threats

  • Urgent requests may be made for immediate contributions to help people following a disaster or to help an organization reach a fundraising goal.
  • The message may threaten to close an account or cancel your email service unless you respond quickly.
  • You may receive a threat to send an account to a bill collector, along with a link to follow up.

Emails from Businesses You Use and Work For

  • Subject lines may state equipment or software needs an update or tell you there is an attached document to review and sign.
  • Microsoft, Zoom or Google may appear to be requesting security codes or providing expiration notices.
  • Delayed shipping notices from Amazon or shipping companies may be used to get you to click on a link or share credit card information.

Errors and Typos

  • Look for a slightly misspelled address or name, poor grammar, broken links and other errors. Odds are a business won’t be sending you a document full of mistakes.
  • Hover your mouse over the sender’s email address and see if it is the company’s. Sometimes a company name is woven in with extra words or characters to make it seem correct. Always verify the URL. 
  • Check the sender’s email or caller ID against your contacts list, knowing that these may be false.

Tips for Foiling Phishers

  • Do not call the phone number on a suspicious email. Look up the number on the company’s official website and call that instead.
  • Do not click on a link in a suspicious message. Open a browser, go to the company’s website yourself and follow up there.
  • Do not reply directly to a suspicious email. Go to the company or agency’s website to check whether they ever send emails. Many will expressly state if they do not.
  • Do not provide any account numbers, PINs or personal information to someone who reaches out to you.

Best Practices for Cybersecurity

For many fitness professionals and business owners, personal lives and work lives are intertwined on computers and mobile devices. Hybrid and in-person sessions, operations managed through cloud-based providers, personal news feeds, social media accounts and cute cat videos are on smartphones and laptops. Apply the basics of cybersecurity to both personal and business accounts (NAS 2022; Nurse et al. 2022; Union Bank 2022; FCC 2020).

Keep software updated. Software updates often contain security fixes or upgrades, which makes it worth updating quickly. An option is to set up programs to update automatically. Reliable antivirus software is a must-have for your computer and mobile devices. Keep antivirus software updated, too.

Use multifactor authentication (MFA). MFA uses security questions (e.g., “What is the maiden name of your mother’s mother?” or “What is the name of your first pet?”). Another option is to request a PIN sent to your text or separate email. MFA verifies who you are and prevents unauthorized access to the account, device or network.

Regularly review online accounts. The quicker you spot a problem with a bank, business operation, email or social media account, the faster you can take action to halt misuse. Set a day each week to check for unauthorized activity. Enroll in a credit reporting service, such as Experian, Equifax or TransUnion.

Back up data. Save all your data on a regular basis. If an account is hacked, you still have access to your data. An external hard drive, online cloud storage and paper printouts are options.


Password Protection Suggestions for Cybersecurity

Many people use the same short password for each account—often one that’s based on their child’s name or a birthday, because it is easy to remember. Hackers know this. Passwords and other knowledge-based credentials are the cause of over 80% of data breaches, according to the 2022 Verizon report. The solution? Use a separate complex password for each account. Here are a few ways to create them:

Mix up placement of capitals and numerals. One professional password hacker explained that if a password is required to have a number and capital letter, most people will put the uppercase letter first and the number last. It’s a pattern hackers can follow (Angwin 2022).

Use a password generator. Strong passwords are 16 characters in length with a combination of capital and lowercase letters and symbols. Creating a password of that quality for each account may seem daunting, but that’s where a password generator helps. Password generators use an algorithm to generate a random series of letters and numbers.
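What the two suggestions above look like in code, as an added example that is not part of the original article: a check for the "capital first, number last" layout and a 16-character generator. The symbol set and the function names are assumptions made for this sketch.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; sites differ in what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def has_predictable_layout(password):
    """True when the only capital is the first character and every digit sits at the end."""
    capitals = [i for i, c in enumerate(password) if c in string.ascii_uppercase]
    digits = sum(c in string.digits for c in password)
    trailing_digits = len(password) - len(password.rstrip(string.digits))
    return capitals == [0] and digits > 0 and digits == trailing_digits

def generate_password(length=16):
    """Draw characters from the OS random source until all four classes are present."""
    if length < 4:
        raise ValueError("length must allow one character from each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c in string.ascii_lowercase for c in candidate)
                and any(c in string.ascii_uppercase for c in candidate)
                and any(c in string.digits for c in candidate)
                and any(c in SYMBOLS for c in candidate)):
            return candidate

if __name__ == "__main__":
    for sample in ("Summer2022", "suM2mer!20x"):  # constructed samples
        print(sample, has_predictable_layout(sample))
    print(generate_password())
```

The generator uses Python's `secrets` module rather than `random`, because `random` is not designed for security-sensitive values.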

Use a password manager. A password manager (a web search will find several options) can generate a password, encrypt it and store it. You then use one single “master password” (or your thumbprint) to access the different passwords you will use (Rubenking 2022; National Cyber Security Centre 2021).

Generate your own random passwords. Another approach is the random word technique recommended by CybSafe, says Karppinen. Choose three unrelated words, and add some capitals and special characters. You can check the security of your password selection at Security.org’s “How Secure Is My Password?” page.

Apply password protection to voicemail, too. Hackers can intercept two-factor authentication PINs sent via voice. Business voicemail messages can also be intercepted. The scammer spoofs the business name, replies to callers and asks for payment or personal information (FCC 2022).

What to Do If You’ve Been Hacked

If you become the victim of a cyberattack, there are immediate steps to take to increase your cybersecurity (FTC n.d.; Steinberg 2020).

Change your passwords. Immediately replace current passwords with new, complex ones. Never use the old passwords again.

Notify affected parties. Immediately report the incident to the individuals or companies that may be impacted by the hack.

Access your credit report. Check for unauthorized transactions to see if identity thieves opened credit cards in your name. Phone the fraud department of each card company to report unauthorized charges and cancel existing or unauthorized cards. Also place a fraud alert and/or credit freeze on your credit file.

Check financial entities. Look for unauthorized transactions here, too. Inform your bank or banks immediately. You may need to close current accounts and open new ones. If you have creditors, telephone them and speak to the fraud department.

File both a fraud report and a police report. These reports list details and are proof that the fraud was committed. You may need these later if your credit or identity is questioned. Plus, you are helping others by providing information that financial, security and other types of organizations need to develop systems to counteract cyberattacks.

Here are a few places you can file:

  • Report an online or internet-enabled crime to the FBI Internet Crime Complaint Center (IC3) at ic3.gov/.
  • Report a scam, company (e.g., for false advertising) or price gouging to Fight Fraud at the Federal Trade Commission at ReportFraud.ftc.gov.
  • Report a cyber incident to the Canadian Centre for Cyber Security at cyber.gc.ca/en/incident-management.
  • Report an online cybercrime to the European Union Agency for Law Enforcement Cooperation at europol.europa.eu/report-a-crime/report-cybercrime-online.

Stay Cybersecurity Safe Online

Hackers are highly invested in tricking people like you and your clients out of your hard-earned money. The technical actions and strategies in this article can help you mitigate the risks, but even more important are your everyday actions. Cybersecurity experts are unanimous in stating that it is predominantly humans and human error that enable cybercriminals to enter our systems. Stop and think before sharing personal details, look carefully at communications before you act, and double-check your passwords and account statements regularly. As with health and fitness, putting in the effort day by day and month by month is the best path to success!


Resources

  • Security.org: password security check security.org
  • Cybercrime Support Network: resources to recognize, report and recover FightCybercrime.org
  • Federal Trade Commission: common scam information, how to get money back, prevention ReportFraud.ftc.gov
  • The National Cybersecurity Alliance: online safety tips, resources and guides staysafeonline.org/
  • The National Cyber Security Centre: information for families and small businesses ncsc.gov.uk/

Federal Communications Commission:

  • Tips for secure web navigation and transactions fcc.gov/consumers/guides/secure-web-navigation-and-transactions
  • Wireless connections and bluetooth security tips fcc.gov/consumers/guides/how-protect-yourself-online

References

AmTrust Financial. 2022. What is a phishing attack? Accessed Oct. 6, 2022: amtrustfinancial.com/blog/insurance-products/what-is-a-phishing-attack.

Angwin, J. 2022. Lessons from a professional password cracker. The Markup. Accessed Oct. 6, 2022: themarkup.org/newsletter/hello-world/lessons-from-a-professional-password-cracker?utm_source=pocket-newtab.

FCC (Federal Communications Commission). 2020. Tips for secure web navigation and transactions. Accessed Oct. 6, 2022: fcc.gov/consumers/guides/secure-web-navigation-and-transactions.

FCC. 2022. Voicemail hacking. Accessed Oct. 13, 2022: fcc.gov/consumers/guides/voicemail-hacking.

Freundlich, K. 2021. Why so many people fall for scams. Morris Psychological Group. Accessed Oct. 6, 2022: morrispsych.com/why-so-many-people-fall-for-scams-by-kenneth-freundlich-ph-d/.

FTC (Federal Trade Commission). n.d. Report to help fight fraud! Accessed Nov. 1, 2022: reportfraud.ftc.gov/#/.

Lameiras, A. 2022. 10 reasons why we fall for scams. WeLiveSecurity. Accessed Oct. 13, 2022: welivesecurity.com/2022/05/12/10-reasons-why-we-fall-scams/.

NAS (National Academy of Sciences). 2022. Ask a scientist . . . how do you protect your data? The Science & Entertainment Exchange. Accessed Oct. 4, 2022: youtube.com/watch?v=qJH7FqCENS8.

National Cyber Security Centre. 2021. Password managers: Using browsers and apps to safely store your passwords. Accessed Oct. 18, 2022: ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers.

Nurse, J., et al. 2022. O, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2022. National Cybersecurity Alliance and CybSafe. Accessed Oct. 17, 2022: cybsafe.com/whitepapers/cybersecurity-attitudes-and-behaviors-report/.

Rubenking, N.J. 2022. How to use a random password generator. PCMag. Accessed Nov. 6, 2022: pcmag.com/how-to/how-to-use-a-random-password-generator.

Security.org. 1995–2022. How secure is my password? Accessed Dec. 8, 2022: security.org/how-secure-is-my-password/.

Sjouwerman, S. 2022. KnowBe4 top-clicked phishing email subjects for Q3 2022. Accessed Nov. 7, 2022: blog.knowbe4.com/knowbe4-top-clicked-phishing-email-subjects-for-q3-2022-infographic.

Steinberg, S. 2020. The latest ways identity thieves are targeting you—and what to do if you are a victim. Accessed Oct. 6, 2022: cnbc.com/2020/02/27/these-are-the-latest-ways-identity-thieves-are-targeting-you.html.

Union Bank. 2022. Tips to help you stay cyber safe. Accessed Oct. 4, 2022: assets.unionbank.com/assets/file/private-banking/tips-to-help-you-stay-cyber-safe.pdf.

Verizon. 2020. 2019 Verizon Data Breach Investigations Report (DBIR). Summary of findings. Accessed Dec. 8, 2022: verizon.com/business/resources/reports/dbir/2019/summary-of-findings/.

Verizon. 2022 Verizon Data Breach Investigations Report (DBIR). Accessed Nov. 4, 2022: verizon.com/business/resources/T787/reports/dbir/2022-data-breach-investigations-report-dbir.pdf.


Patricia Ryan, MS

Patricia Ryan, MS, develops educational content for leaders and professionals in the wellness, fitness and older-adult marketplaces. Ryan has conducted market research and authored numerous white papers, survey reports, industry analyses and research reviews along with producing educational webinars. She holds a master’s of science degree in instructional technology aimed at designing professional education. She was IDEA’s first editor in chief and developed the Gold Standard of content for which IDEA is still known.
